DVWA Vulnerability Range - Cross-Site Request Forgery (CSRF)

Vulnerability principle:

  CSRF (Cross-Site Request Forgery), also known as "One Click Attack" or Session Riding and often abbreviated CSRF or XSRF, is a malicious use of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS: XSS exploits the user's trust in the site, while CSRF exploits the site's trust in the user by forging requests that appear to come from a trusted user. Compared with XSS, CSRF attacks are less well known (so resources for guarding against them are quite rare) and harder to defend, which is why CSRF is considered more dangerous than XSS.

For a GET request, the forged request can be turned into a short URL and the victim tricked into clicking it.

Alternatively, a phishing server can be set up and the request URL placed in the src attribute of an img tag on a page, disguised so the victim does not notice:

<img src="http://localhost/dvwa/vulnerabilities/csrf/?password_new=password&password_conf=password&Change=Change#" border="0" style="display:none" />

When the browser parses the HTML it automatically requests the img src, which triggers the CSRF.


1. Low level


Copy the URL from the address bar, modify password_new and password_conf, and generate a short URL from it. Trick the user into clicking it: the request is sent with the user's cookie, which the site trusts, so the password change goes through.

As can be seen, clicking the link changes the password directly, as long as the user has not logged out of DVWA.



2. Medium level

Continuing with the low-level method now returns an error.

Viewing the source shows that the Referer field is checked to determine the origin of the request. Note: server-side validation of the Referer header is in principle fine, but if the check only verifies that the site's domain appears somewhere in the Referer header, for example strpos(referer header, xxx) != false, there is a problem.

For example, if the attack page's file name is set to the domain of the target site (on this machine, localhost), it is hosted on the attacking server as localhost.html, and the target site is requested from it, then the Referer header is: http://xxxx.xxx.com/localhost.html

This is exactly the problem described above: the domain name is present in the header, so the check passes.

(Ignore the localhost domain name here; this was tested on the local machine.)
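To make the medium-level weakness concrete, here is an added example (not code from the post or from DVWA, written in Python rather than DVWA's PHP) that puts the substring-style Referer check beside a strict one. The strict check parses the Referer as a URL and compares the host component exactly, which is what a defender should do if Referer checking is used at all. TRUSTED_HOST and the sample Referer values, including the attacker.example placeholder, are constructed for this example.

```python
from urllib.parse import urlsplit

# Host that legitimately serves the password-change form (constructed for this example).
TRUSTED_HOST = "localhost"


def weak_referer_check(referer):
    """Substring test, equivalent to PHP strpos($referer, $host) !== false.

    Passes as soon as the trusted host name appears anywhere in the header.
    """
    return bool(referer) and TRUSTED_HOST in referer


def strict_referer_check(referer):
    """Parse the Referer as a URL and require an exact host match.

    A missing or unparsable header is treated as untrusted.
    """
    if not referer:
        return False
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    return parts.hostname == TRUSTED_HOST


# Constructed sample Referer values covering the cases the post describes.
SAMPLE_REFERERS = [
    "http://localhost/dvwa/vulnerabilities/csrf/",          # genuine same-site request
    "http://attacker.example/localhost.html",               # trusted name in the path
    "http://localhost.attacker.example/",                   # trusted name as a subdomain
    "http://attacker.example/?next=http://localhost/",      # trusted name in the query
    "",                                                     # header absent
]


def compare_checks(referers=SAMPLE_REFERERS):
    """Return {referer: (weak_result, strict_result)} for each sample."""
    return {r: (weak_referer_check(r), strict_referer_check(r)) for r in referers}


if __name__ == "__main__":
    for referer, (weak, strict) in compare_checks().items():
        print(f"{referer or '<none>':50} weak={weak!s:5} strict={strict}")
```

Only the first sample is accepted by the strict check; the substring check accepts all four non-empty values. Even the strict version is not a complete defence, since browsers and privacy settings can strip the Referer header entirely, so the token approach in the next section remains the primary control.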


3. High level

An anti-CSRF token is added. A token can effectively prevent CSRF: the attacker would have to obtain the token before the forged request could succeed, but the browser's cross-domain restrictions prevent the token from being read from another origin, so exploitation is difficult.

If a stored XSS vulnerability exists, it may be used to read the token and carry out the CSRF.


Summary

Defensive measures: add token validation, and increase what must be verified for sensitive actions; for example, when changing the password, require the user to enter the original password as well.
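The high-level section and the summary together describe the defence: a per-session anti-CSRF token plus re-entry of the current password. The following is an added example of that server-side logic (not code from the post or from DVWA, and in Python rather than PHP). The field names password_new and password_conf come from the URL shown earlier; user_token, password_current, the in-memory USERS store and its fixed salt are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Fixed salt so the example is deterministic; a real store uses a random salt per user.
_SALT = b"constructed-salt-for-example"


def _hash_password(password, salt):
    """PBKDF2-HMAC-SHA256 so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory user store: username -> (salt, password hash).
USERS = {"admin": (_SALT, _hash_password("password", _SALT))}


def issue_token(session):
    """Create a random token, keep it server-side in the session, return it for the form."""
    token = secrets.token_hex(32)
    session["user_token"] = token
    return token


def verify_token(session, submitted):
    """Constant-time comparison against the token stored in the session."""
    expected = session.get("user_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def change_password(session, method, form):
    """Handle a password-change request; return a short status string."""
    # A GET triggered by an <img src=...> never reaches the state change.
    if method != "POST":
        return "rejected: state change must use POST"
    # A forged cross-site request cannot carry a token it was unable to read.
    if not verify_token(session, form.get("user_token")):
        return "rejected: missing or invalid CSRF token"
    user = session.get("user")
    if user not in USERS:
        return "rejected: not logged in"
    # Re-authentication: the current password is something a CSRF page does not know.
    salt, stored = USERS[user]
    supplied = _hash_password(form.get("password_current", ""), salt)
    if not hmac.compare_digest(stored, supplied):
        return "rejected: current password incorrect"
    new, conf = form.get("password_new", ""), form.get("password_conf", "")
    if not new or new != conf:
        return "rejected: new passwords do not match"
    USERS[user] = (salt, _hash_password(new, salt))
    # Single-use token: a captured token cannot be replayed for a second change.
    session.pop("user_token", None)
    return "ok"


if __name__ == "__main__":
    session = {"user": "admin"}
    # The forged request from the img tag: no token, wrong method.
    print(change_password(session, "GET", {"password_new": "x", "password_conf": "x"}))
    token = issue_token(session)
    print(change_password(session, "POST", {
        "user_token": token, "password_current": "password",
        "password_new": "newpass", "password_conf": "newpass"}))
```

The token is stored only in the session and compared with hmac.compare_digest; the form field name does not matter as long as the browser's same-origin policy keeps the value out of reach of other sites, which is the property the post relies on at the high level.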



Origin www.cnblogs.com/ktfsong/p/11267485.html